CVE-2026-0383
Published 2026-02-03
Priority: P3 · 43 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.20% (9.7th percentile)
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| broadcom | fabric_operating_system | < 9.2.1c2 | 9.2.1c2 |
| broadcom | fabric_operating_system | — | — |
| broadcom | fabric_operating_system | >= 9.2.2 < 9.2.2b | 9.2.2b |
| brocade | fabric_os | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v4.0 | 8.2 | HIGH | CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 4.4 | MEDIUM | — |
GHSA
GHSA-jqcf-6mg8-wxx4: A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored
ghsa_unreviewed·2026-02-03
CVE-2026-0383 [HIGH] CWE-78 GHSA-jqcf-6mg8-wxx4: A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command.
Red Hat
Vim: Vim: Arbitrary code execution via OS command injection in netrw plugin
vendor_redhat·2026-05-08·CVSS 4.4
CVE-2026-42307 [MEDIUM] CWE-78 Vim: Vim: Arbitrary code execution via OS command injection in netrw plugin
Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a crafted URL (e.g., using the sftp:// or file:// protocol handlers), an attacker can execute arbitrary shell commands with the privileges of the Vim process. This issue has been patched in version 9.2.0383.
A flaw was found in Vim. A remote attacker can exploit an OS command injection vulnerability in the netrw standard plugin by tricking a user into opening a specially crafted URL, such as one using the sftp:// or file:// protocol handlers. This allows the attacker to execute arbitrary shell commands with the same privi
No detection rules found.
No public exploits indexed.